From 8dab16792485fd72921eb053ff553b57154828ca Mon Sep 17 00:00:00 2001
From: Suhaibinator <42899065+Suhaibinator@users.noreply.github.com>
Date: Sun, 18 May 2025 23:03:08 -0700
Subject: [PATCH 1/4] Add lint and CodeQL workflows

---
 .github/workflows/codeql.yml | 33 +++++++++++++++++++++++++++++++++
 .github/workflows/lint.yaml  | 21 +++++++++++++++++++++
 README.md                    |  5 ++++-
 3 files changed, 58 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/codeql.yml
 create mode 100644 .github/workflows/lint.yaml

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..ef6fb76
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,33 @@
+name: CodeQL
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+  schedule:
+    - cron: '0 0 * * 0'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'go' ]
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v3
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
new file mode 100644
index 0000000..1b64926
--- /dev/null
+++ b/.github/workflows/lint.yaml
@@ -0,0 +1,21 @@
+name: Lint
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+
+jobs:
+  golangci:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: '1.24'
+      - name: Run golangci-lint
+        uses: golangci/golangci-lint-action@v3
+        with:
+          version: latest
diff --git a/README.md b/README.md
index 979036c..ac16417 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,8 @@
 # SuhaibServer
 
 [![Build, Test, Publish](https://github.com/Suhaibinator/SuhaibServer/actions/workflows/ci.yaml/badge.svg)](https://github.com/Suhaibinator/SuhaibServer/actions/workflows/ci.yaml)
+[![Lint](https://github.com/Suhaibinator/SuhaibServer/actions/workflows/lint.yaml/badge.svg)](https://github.com/Suhaibinator/SuhaibServer/actions/workflows/lint.yaml)
+[![CodeQL](https://github.com/Suhaibinator/SuhaibServer/actions/workflows/codeql.yml/badge.svg)](https://github.com/Suhaibinator/SuhaibServer/actions/workflows/codeql.yml)
 
 **SuhaibServer** is a reverse proxy designed to simplify and enhance TLS and mTLS (Mutual TLS) management beyond what is typically possible in solutions like NGINX or Apache. By leveraging **SNI (Server Name Indication)**, SuhaibServer allows you to define highly granular routing and security policies per domain—right down to specific URLs and query parameters.
 
@@ -275,4 +277,5 @@ MTLSPolicy:
 
 ## License
 
-SuhaibServer is licensed under the [MIT License](LICENSE).  
\ No newline at end of file
+SuhaibServer is licensed under the [MIT License](LICENSE).  
+

From 5367f2faba48dfdf85605dc8fd575d9771b33a69 Mon Sep 17 00:00:00 2001
From: Suhaibinator <42899065+Suhaibinator@users.noreply.github.com>
Date: Sun, 18 May 2025 23:04:58 -0700
Subject: [PATCH 2/4] Potential fix for code scanning alert no. 5: Workflow
 does not contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Suhaibinator <42899065+Suhaibinator@users.noreply.github.com>
---
 .github/workflows/lint.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
index 1b64926..acd0669 100644
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -6,6 +6,9 @@ on:
   pull_request:
     branches: [ "main" ]
 
+permissions:
+  contents: read
+
 jobs:
   golangci:
     runs-on: ubuntu-latest

From 9d92cf358e545aa215117453b5f580960f0398a4 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 25 Nov 2025 10:00:47 +0000
Subject: [PATCH 3/4] Initial plan


From 22297a286069fba9f216ce60a23c45cc96e9adfa Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 25 Nov 2025 10:02:19 +0000
Subject: [PATCH 4/4] Standardize workflow file extensions to .yaml

Co-authored-by: Suhaibinator <42899065+Suhaibinator@users.noreply.github.com>
---
 .github/workflows/{codeql.yml => codeql.yaml} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename .github/workflows/{codeql.yml => codeql.yaml} (100%)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yaml
similarity index 100%
rename from .github/workflows/codeql.yml
rename to .github/workflows/codeql.yaml